I know that TLS is essentially a newer version of SSL, and that it generally supports transitioning a connection from unsecured to secured (commonly through a STARTTLS command).

What I don't understand is why TLS is important to an IT Professional, and why given the choice I would pick one over the other. Is TLS really just a newer version, and if so is it a compatible protocol?

5 Answers
5

SSL is the precursor to TLS. SSL was a proprietary protocol developed by Netscape Communications, later standardised within IETF and renamed as TLS.
In short, the versions go in this order: SSLv2, SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2.

Contrarily to a relatively wide-spread belief, this is not at all about having to run a service on a distinct port with SSL and being able to on the same port as the plain-text variant with TLS.
Both SSL and TLS can be used for the two approaches. This is about the difference between SSL/TLS upon connection (sometimes referred to as "implicit SSL/TLS") and SSL/TLS after an command was issued at the protocol level, typically STARTTLS (sometimes referred to as "explicit SSL/TLS"). The key word in STARTTLS is "START", not TLS. It's a message, at the application protocol level, to indicate there needs to be a switch to SSL/TLS, if it hasn't been initiated before any application protocol exchange.

Using either modes should be equivalent, provided the client is configured to expect SSL/TLS one way or another, so as not to be downgraded to a plain-text connection.

Longer answer:

SSL v.s. TLS

As far as I'm aware, SSLv1 never left the labs. SSLv2 and SSLv3 were protocols developed
by Netscape. SSLv2 has been considered insecure for a while, since it's prone to downgrade attacks.
SSLv3 internally uses (3,0) as its version number (within the ClientHello message).

TLS is the result of the standardisation as a more open protocol within IETF.
(I think I have read somewhere, perhaps in E. Rescorla's book, that the name had been chosen in such
a way that all participants were equally unhappy with it, so as not to favour a particular company:
this is quite common practice in standards body.) Those interested in how the transition was made can read the SSL-Talk List FAQ; there are multiple copies of this document around, but most links (to netscape.com) are outdated.

Use the highest version you can if possible. In practice, as a service provider, this will require
your users to have clients that support these versions. As usual, it's always a risk-assessment exercise (preferably backed with a business case if appropriate).
This being said, cut off SSLv2 anyway.

In addition, note that the security provided by SSL/TLS isn't just about which version you use, it's also about proper configuration: it's certainly preferable to use SSLv3 with a strong cipher suite than TLSv1.0 with a with a weak (or anonymous/null-encryption) cipher suite.
Some cipher suites, considered too weak, have been explicitly forbidden by newer versions of TLS. The tables in the Java 7 SunJSSE provider (and their footnotes) can be of interest if you want more details.

It would be preferable to use TLS 1.1 at least, but not all clients support them yet unfortunately (e.g. Java 6). When using a version under 1.1, it's certainly worth looking into mitigating the BEAST vulnerability.

Implicit v.s. Explicit SSL/TLS

There is a myth saying that TLS allows you to use the same port whereas SSL can't. That's just not true (and I'll leave port unification out for this discussion).
Unfortunately, this myth seems to have been propagated to users by the fact that some applications like MS Outlook sometimes offer a choice between SSL and TLS in their configuration options when they actually mean a choice between implicit and explicit SSL/TLS. (There are SSL/TLS experts at Microsoft, but it seems they weren't involved in the Outlook UI.)

I think the reason why this confusion happen is because of the STARTTLS mode. Some people seem that have understood this as STARTTLS = TLS, but this is not the case.
The key word in STARTTLS is "START", not TLS. Why this wasn't called STARTSSL or STARTSSLORTLS is because these extensions were specified within IETF, which only used names used in its specifications (assuming that the TLS name would eventually be the only standing, I guess).

SSL on the same port as the plain-text service: HTTPS proxy.

Nowadays, most HTTPS servers can handle TLS, but a few years ago, most people were using SSLv3 for HTTPS. HTTPS (strictly speaking, standardised as HTTP over TLS) normally establishes the SSL/TLS connection upon TCP connection, and then exchanges HTTP message over the SSL/TLS layer.
There is an exception to this when using an HTTP proxy in between. In this case, the client connects to the HTTP proxy in clear (typically on port 3128), then issues the CONNECT HTTP command and, provided the response was successful, initiates the SSL/TLS handshake by sending a ClientHello message. All of this happens on the same port as far as the connection between browser and proxy is concerned (obviously not between proxy and the target server: it's not even the same machine). This works just fine with SSLv3. Many of us in situations behind a proxy will have used this against servers that didn't support at least TLS 1.0.

SSL on the same port as the plain-text service: e-mail.

This one is clearly out of specifications, but in practice, it often works.
Strictly speaking the specifications talk about switching to TLS (not SSL) after using the STARTTLS command. In practice, SSL often works too (just like the "HTTP over TLS" spec also encompasses
using SSL instead of TLS too).
You can try it by yourself. Assuming you have an SMTP or IMAP server that supports STARTTLS,
use Thunderbird, go into the preferences, advanced options, config editor and turn off security.enable_tls.
Many servers will still accept the connection, simply because their implementations delegate the SSL/TLS layer to an SSL/TLS library which will generally be able to handle SSL and TLS in the same way, unless configured not to do so. As the OpenLDAP FAQ puts it, "While the mechanism is designed for use with TLSv1, most implementations will fallback to SSLv3 (and SSLv2) if necessary. ". If you're not sure, check with a tool like Wireshark.

TLS on a distinct port.

Many clients can use TLS 1.0 (at least) for protocols where the secured variant is on a different port. Obviously, there are a number of browsers and web servers that support TLS 1.0 (or above) for HTTPS. Similarly, SMTPS, IMAPS, POPS and LDAPS can use TLS too. They're not limited to SSL.

When do I use which? When do I not use which?

Between explicit and implicit SSL/TLS, it doesn't really matter. What matters is that your client knows what to expect and is configured appropriately to do so. More importantly, it should be configured to reject plain text connections when it's expecting an SSL/TLS connection, whether it's implicit or explicit.

The main difference between explicit and implicit SSL/TLS will be in the clarity of the configuration settings.

For example, for LDAP, if the client is an Apache Httpd server (mod_ldap -- its documentation also mislabels the difference between SSL and TLS, unfortunately), you can use implicit SSL/TLS by using an ldaps:// URL (e.g. AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one) or use explicit SSL/TLS by using an extra parameter (e.g. AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one TLS).

There is perhaps generally speaking a slightly lesser risk when specifying the security protocol in the URL scheme (https, ldaps, ...) than when expecting the client to configure an additional setting to enable SSL/TLS, because they may forget. This is arguable.
There may also be issues in the correctness of the implementation of one versus the other too (for example, I think the Java LDAP client doesn't support host name verification when using ldaps://, when it should, whereas it is supported with ldap:// + StartTLS).

In doubt, and to be compatible with more clients if possible, it doesn't seem to do any harm to offer both services when the server supports it (your server will just be listening on two ports at the same time). Many server implementations for protocols that can be used with either modes will support both.

It is the responsibility of the client not to let itself being downgraded to a plain-text connection. As a server administrator, there is nothing you can technically do on your side to prevent downgrade attacks (apart from requiring a client-certificate perhaps). The client must check that SSL/TLS is enabled, whether it's upon connection or after a STARTTLS-like command. In the same way as a browser shouldn't let itself be redirected from https:// to http://, a client for a protocol that support STARTTLS
should make sure the response was positive and the SSL/TLS connection was enabled before proceeding any further. An active MITM attacker could otherwise easily downgrade either connections.

TLS is a newer protocol than SSL (but AFAIK, it's compatible with SSL v3). Usually, there's only one difference you need to worry about:

A SSL'ed protocol usually has a separate port - for example, 80 for HTTP and 443 for HTTPS (HTTP/SSL). When you connect to the SSL port, the entire session is encrypted.

TLS is newer than SSL, and it doesn't require a separate port - instead it has to be negotiated by the client.. For example, you can run IMAP on port 143, and if both mail server and client support TLS, the client will send a STARTTLS command and only then enable encryption. This way you don't need a separate SSL-only port, while staying compatible with SSL-less applications.

Summary:SSL: Slightly older. Separate ports for plain and encrypted connections. All traffic on SSL port is always encrypted.TLS: Single port for both plain and encrypted connections. Encryption is only enabled after client issues a STARTTLS command.

The fact that using STARTTLS in some protocols enables to switch to TLS on the same connection isn't a difference between SSL and TLS. Technically you could switch to SSLv3 in the same way.
– BrunoSep 22 '10 at 14:30

SSL stands for Secure Sockets Layer.
Netscape originally developed this
protocol to transmit information
privately, ensure message integrity,
and guarantee the server identity. SSL
works mainly through using
public/private key encryption on data.
It is commonly used on web browsers,
but SSL may also be used with email
servers or any kind of client-server
transaction. For example, some instant
messaging servers use SSL to protect
conversations.

TLS stands for Transport Layer
Security. The Internet Engineering
Task Force (IETF) created TLS as the
successor to SSL. It is most often
used as a setting in email programs,
but, like SSL, TLS can have a role in
any client-server transaction.

The differences between the two
protocols are very minor and very
technical, but they are different
standards. TLS uses stronger
encryption algorithms and has the
ability to work on different ports.
Additionally, TLS version 1.0 does not
interoperate with SSL version 3.0.

The OP has already stated that TLS is a newer version of SSL. The remainder of your post is a comment. Not an answer.
– user207421Sep 29 '12 at 10:09

@EJP: did you notice the answer is > 3years old ?
– IainSep 29 '12 at 10:56

(I wonder whether even a ♦-mod may edit another user's question to add "I know that..." which is not applicable to the original user)
– wRARSep 29 '12 at 17:02

1

@EJP, to be fair to wRAR, the editing of this question has been the subject of long debates (see here and here). Of course, none of this is immediately visible without looking through the history. (Note that this edit was made by a mod...)
– BrunoSep 29 '12 at 19:42